Torrent Malware Goes Down as Pirated Streaming Usage Increases

Discussion in 'malware problems & news' started by mood, Apr 2, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,835
    Torrent Malware Goes Down as Pirated Streaming Usage Increases
    April 1, 2019
    https://www.bleepingcomputer.com/ne...es-down-as-pirated-streaming-usage-increases/
     
  2. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    Where do you have to download torrents from in order to get a malware infection? I've downloaded from ThePirateBay for years and the only thing I've seen are .zips that try to make you go to a website to answer weird surveys to get the (non-existent) password.
     
  3. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,485
    The malware is usually in the popular torrents with lots of seeders, the ones offering trendy content.
    If you download Yehudi Menuhin playing Bach Sonatas, well, you are not going to find much malware there...
     
  4. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    1,021
    Mm. No. The actual show and playback files are never infected.
     
  5. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,485
    The article in the OP says that the malware fools you into thinking that you are running the playback file, when you are really running the malware.

    In more detail:
    "...each malicious file hidden behind the title has reached an average of three users."

    "Trojans (33%), downloaders (21%), and adware (28%) were the two most popular threats embedded in TV shows, which are usually delivered within a hidden folder and get launched by unsuspecting victims via a shortcut that replaces the actual TV episode."
     
  6. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    1,021
    Ahh.. so the victims are clicking on a shortcut that runs an executable. That would do it. It's also the wrong way to view a video. You're supposed to drag-n-drop it into your video player, like VLC or WMP. Or make sure it's an actual video you're clicking on.
     
  7. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,485
    That should protect you. Here are more details:

    "The common scenario is this: the user downloads a torrent file or receives an archive with a shortcut by email. At first glance the package contains a copy of the long-awaited episode.
    Yet, apart from the shortcut, the archive will also contain a hidden folder with the ‘system’ attribute on, making it invisible even if Windows Explorer is configured to display hidden files.
    By clicking on the shortcut in hope to watch the video, the user will launch the AutoIt script sitting in the hidden folder along with its interpreter and several other .lnk files.
    AutoIt is a worm that spreads through removable disks and runs a backdoor, which is then added to autorun (writing paths to the .lnk files from the hidden folder) and used to accomplish the following actions:


    1. Display a specified message
    2. Execute commands in cmd.exe
    3. Download and launch to %Temp% files
    4. Shutdown/restart computer
    5. Go to a specified URL
    6. Auto-click various webpage items
    7. Terminate, restart, update itself"
     
  8. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    I'm using Simple Software Restriction Policies which means I can't run an .exe in my torrent folder even if I tried ;)
     
  9. XenMan

    XenMan Registered Member

    Joined:
    May 8, 2018
    Posts:
    130
    Location:
    Australia
    Almost got done once with a TV show that was fresh out, with an mkv.exe file, and blindly clicked on it, with the UAC saving me.

    Timing was perfect as show hadn't even been broadcast yet.

    Otherwise never had a problem, but wasn't there something here recently about drive-by problems from ads at Pirate Bay?
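
A defender-side check for the patterns described in this thread (a shortcut standing in for the episode, a folder carrying both the hidden and system attributes, and an `mkv.exe` name), added here as an example; it is not part of any post or of the quoted articles. The extension lists and the names `scan_download` and `win_attrs` are assumptions of this example.

```python
import os
from pathlib import Path

HIDDEN, SYSTEM = 0x2, 0x4  # Windows FILE_ATTRIBUTE_HIDDEN / FILE_ATTRIBUTE_SYSTEM bits
MEDIA = {".mkv", ".mp4", ".avi", ".mov", ".wmv"}  # assumed list
LAUNCHABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".au3"}  # assumed list

def win_attrs(path):
    """Windows attribute bits for path; 0 where the OS does not report them."""
    return getattr(os.stat(path, follow_symlinks=False), "st_file_attributes", 0)

def scan_download(root, attrs=win_attrs):
    """Walk a downloaded folder and return sorted (relative path, reason) findings."""
    root, findings = Path(root), []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        for name in dirnames:
            bits = attrs(here / name)
            if bits & HIDDEN and bits & SYSTEM:
                # The folder type the quoted write-up says stays invisible in Explorer.
                rel = (here / name).relative_to(root).as_posix()
                findings.append((rel, "hidden+system folder"))
        for name in filenames:
            rel = (here / name).relative_to(root).as_posix()
            suffixes = [s.lower() for s in Path(name).suffixes]
            if not suffixes:
                continue
            if suffixes[-1] == ".lnk":
                # A video download has no reason to ship a shortcut.
                findings.append((rel, "shortcut shipped with the download"))
            elif suffixes[-1] in LAUNCHABLE:
                disguised = len(suffixes) > 1 and suffixes[-2] in MEDIA
                reason = "media name with executable extension" if disguised else "launchable file"
                findings.append((rel, reason))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for rel, reason in scan_download(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {rel}")
```

The hidden+system check only produces results on Windows, where `os.stat` reports file attributes; the name-based checks work anywhere.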
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,485
    Even when the ads at TPB are not malicious, they are toxic. You need an ad-blocker!
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,835
    Malicious campaign targets South Korean users with backdoor-laced torrents
    ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure
    July 8, 2019

    https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/
     